[cmake-developers] Support of codesign
Clinton Stimpson
clinton at elemtech.com
Mon Sep 29 14:00:59 EDT 2014
On Monday, September 29, 2014 01:23:04 PM Chuck Atkins wrote:
> > Maybe it shouldn't even be a CPack thing..... Maybe it should be an
> > install time step so that all CPack generators will contains signed
> > binaries if codesign is used...
>
> I know this is a bit after the fact and I'm jumping in here pretty late,
> but...
>
> It would be nice to have package signing as a general top level CPack
> feature. Most supported package formats support some form of signing, rpm
> and deb with gpg keys, apple bundles, dmgs, nsis installers, etc. Could
> this be done as a generic CPack variable, CPACK_PACKAGE_SIGNING_KEY, for
> example, and then if set, then each CPack generator would use it
> accordingly?
>
> Just a thought, not to derail this current patch though.
The patch does introduce a SignPackage() function, but what its really doing
is signing the application, not the package. There is another suggestion for
the patch -- rename the SignPackage() function to be clear that the
application is being signed, not the package. At least in the CPack context,
the package is the .dmg file, not the .app bundle.
The Bundle generator creates an application bundle plus the package. Because
the Bundle generator makes the application, a user would want a way to sign
it. This is why its Bundle generator specific. With any other generator, the
application signing can be done with an install() command.
I think application signing is generally not a CPack thing, but there probably
isn't much of a choice if the Bundle generator is used.
Clint
More information about the cmake-developers
mailing list